
Tax Season Phishing With Fake Zoom Invites

Phishing campaign delivering ScreenConnect while bypassing traditional SEGs.


What is the attack?

  • Phishing Delivery: Attackers distributed tax-related emails masquerading as Zoom invitations.

  • Malicious Link: The email contains a fake Zoom meeting link leading to a phishing page designed to mimic Zoom’s login interface.

  • Malicious File: Instead of a legitimate Zoom installer, victims download ScreenConnect, a remote support & remote access tool.

Why did it get through?

  • Verified Source: The email was sent from a trusted but compromised vendor domain, so it passed sender authentication checks.

  • Trusted Cloud Platform: By hosting the malicious link on Vercel, attackers exploited the platform's reputation.

  • Click Tracker Evasion: The phishing URL was wrapped in a click-tracking link, making it harder for security tools to analyze the final destination.
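
An added example (not from the original write-up or from Abnormal's product) of a static check for the last two points: unwrap a click-tracking link offline and compare the real destination with the Zoom lure. The tracker host, the sample URLs and the `vercel.app` / Zoom domain lists are assumptions constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumptions for this example, not taken from the page:
SHARED_HOSTING_SUFFIXES = (".vercel.app",)  # Vercel's default deployment domain
ZOOM_DOMAINS = ("zoom.us", "zoom.com")      # domains treated as genuine Zoom
MAX_DEPTH = 5                               # stop on deeply nested wrappers

# Constructed sample links: a tracker carrying its destination in a parameter.
SAMPLE_HREF = ("https://click.tracker.example/t?id=42&u="
               "https%3A%2F%2Fconstructed-sample.vercel.app%2Fjoin%3Fm%3D1")
SAMPLE_B64_HREF = "https://click.tracker.example/r?d=" + base64.urlsafe_b64encode(
    b"https://constructed-sample.vercel.app/join").decode()

def as_url(value):
    """Return value as an http(s) URL if it is one (plain, percent-encoded or base64)."""
    candidates = [value, unquote(value)]
    try:
        padded = value + "=" * (-len(value) % 4)
        candidates.append(base64.urlsafe_b64decode(padded).decode("utf-8"))
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pass
    for cand in candidates:
        try:
            parts = urlsplit(cand)
        except ValueError:
            continue
        if parts.scheme in ("http", "https") and parts.hostname:
            return cand
    return None

def unwrap(url, depth=0):
    """Follow destinations embedded in query parameters; return the URL chain."""
    if depth < MAX_DEPTH:
        for _, value in parse_qsl(urlsplit(url).query):
            inner = as_url(value)
            if inner:
                return [url] + unwrap(inner, depth + 1)
    return [url]

def assess_link(display_text, href):
    """Return (final_host, findings) for one link taken from an email body."""
    chain = unwrap(href)
    host = (urlsplit(chain[-1]).hostname or "").lower()
    findings = []
    if len(chain) > 1:
        findings.append("wrapped_in_redirector")
    if host.endswith(SHARED_HOSTING_SUFFIXES):
        findings.append("final_host_on_shared_hosting")
    is_zoom = any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)
    if "zoom" in display_text.lower() and not is_zoom:
        findings.append("zoom_lure_non_zoom_destination")
    return host, findings
```

This only covers trackers that embed the destination in the link itself; trackers that use opaque IDs have to be resolved by following the redirect in an isolated analysis environment.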

What is required to solve for this attack?

  • Behavioral Analysis: Abnormal’s Behavioral AI flags never-before-seen senders, unusual email content, and URLs as anomalies that enable the detection of novel attacks.

  • Content Analysis and Natural Language Processing: Abnormal understands the email's content, recognizing the urgency and financial implications as indicators of a financially themed attack.